SSH Can Handle Spaces In Command-line Arguments Strangely

July 15, 2023 by Donald Papp 48 Comments

One of the things ssh can do is execute a command on a remote server. Most of us expect it to work transparently when doing so, simply passing the command and its arguments on without any surprises in the process. But after 23 years of using OpenSSH on a nearly daily basis, [Martin Kjellstrand] got surprised.

It turns out that the usual rules around how things are parsed can have some troublesome edge cases when spaces are involved. [Martin] kicks off an example in the following way:

One would reasonably expect the commands figlet foobar bar\ baz and ssh localhost figlet foobar bar\ baz to be functionally equivalent, right? The former ultimately runs the command “figlet” with arguments “foobar” and “bar baz” on the local machine. The second does the same, except with ssh being involved in the middle. As mentioned, one would expect both commands to be functionally identical, but that’s not what happens. What happens is that ssh turns bar\ baz into two distinctly separate command-line arguments in the process of sending it for remote execution: “bar” and “baz”. The result is mystification as the command fails to run the way the user expects, if it runs at all.

What exactly is going on, here? [Martin] goes into considerable detail tracking down this odd behavior and how it happens, but he’s unable to ultimately explain why ssh does things this way. He suspects that it is the result of some design decision taken long ago. Or perhaps a bug that has, over time, been promoted to entrenched quirk.

Do you have any insights or knowledge about this behavior? If so, [Martin] wants to hear about it and so do we, so don’t keep it to yourself! Let us know in the comments, below.

SuSE Take On Red Hat, Forking RHEL

July 12, 2023 by Jenny List 18 Comments

One of the Linux stories of the moment has come from Red Hat, with their ongoing efforts to make accessing the source of their Red Hat Enterprise Linux product a paid-for only process. This has caused consternation and annoyance alike, from the open source community angry at any liberties taken with the GPL, and from the community of RHEL users and customers concerned as to what it might mean for them.

Now a new player has entered the fray in the form of SuSe, who have announced the creation of an RHEL fork with the intention of maintaining a freely-available Red Hat compatible operating system distribution.

This is good news for all who use Red Hat derived software and we expect the likes of Rocky Linux will be taking a close look at it, but it’s also a canny move from the European company as they no doubt hope to tempt away some of those commercial Red Hat customers with a promise of stability and their existing experience supporting Red Hat users through their mixed Linux support packages. We hope they’ll continue to maintain their relationship with the open source world, and that the prospect of their actions unleashing a new commercial challenge causes Red Hat to move away from the brink a little.

Need some of the backstory? We’ve got you covered.

The perfect header for this story comes via atzerok, CC BY-SA 2.0.

Jenny’s Daily Drivers: Slackware 15

July 10, 2023 by Jenny List 50 Comments

As a recent emigre from the Ubuntu Linux distribution to Manjaro, I’ve had the chance to survey the field as I chose a new distro, and I realised that there’s a whole world of operating systems out there that we all know about, but which few of us really know. Hence this is the start of what I hope will be a long-running series, in which I try different operating systems in my everyday life as a Hackaday writer, to find out about them and then to see whether they can deliver on the promise of giving me a stable platform on which to earn a living.

For that they need an internet connection and a web browser up-to-date enough to author Hackaday stories, as well as a decent graphics package. In addition to using the OS every day though, I’ll also be taking a look at what makes it different from all the others, what its direction and history is, and how user-friendly it is as an experience. Historical systems such as CP/M are probably out of the question as are extremely esoteric ones such as the famous TempleOS, but this still leaves plenty of choice for an operating system tourist. Join me then, as I try all the operating systems.

A Distro From The 1990s, Today

A desktop mini tower PC with monitor showing the Slackware boot screen — The Hackaday test PC gets its first outing.

When deciding where to start on this road, there was an obvious choice. Slackware was the first Linux-based distribution I tried back in 1995, I’m not sure which version it was , but it came to me via a magazine coverdisk. It was by no means the first OS that captured my attention as I’d been an Amiga user for quite a few years at that point, but at the moment I can’t start with AmigaOS as I don’t have nay up-to-date Amiga-compatible hardware.

July 2023 also marks the 30th anniversary for the distro making it the oldest one still in active development, so this seems the perfect month to start this series with the descendant of my first Linux distro. Slackware 15 comes as a 3.8 GB ISO file download for 64-bit computers, and my target for the distro was an old desktop PC with an AMD processor and a big-enough spinning rust hard disk which had been a high-end gaming system a little over ten years ago. Not the powerhouse it once was, but it cost me nothing and it’s adequate for my needs. Installed on a USB Flash drive the Slackware installer booted, and I was ready to go. Continue reading “Jenny’s Daily Drivers: Slackware 15” →

Rocky Strikes Back At Red Hat

June 30, 2023 by Jenny List 56 Comments

The world of Linux has seen some disquiet over recent weeks following the decision of Red Hat to restrict source code distribution for Red Hat Enterprise Linux (RHEL) to only their paying customers. We’re sure that there will be plenty of fall-out to come from this news, but what can be done if your project relies upon access to those Red Hat sources?

The Red-Hat-derived Rocky Linux distro relies on access to RHEL source, so the news could have been something of a disaster. Fortunately for Rocky users though, they appear to have found a reliable way to bypass the restriction and retain access to those RHEL sources. Red Hat would like anyone wanting source access to pay them handsomely for the privilege, but the Rocky folks have spotted a way to bypass this. Using readily available cloud images they can spin up a RHEL system and use it to download their sources, and they can do this as an automated process.

We covered this story as it unfolded last week, and it seemed inevitable then that something of this nature would be found, as for all Red Hat’s wishes a GPL-licensed piece of code can’t be prevented from being shared. So Rocky users and the wider community will for now retain access to the code, but will Red Hat strike back? It’s inevitable that there will be a further backlash from the community against any such moves, but will Red Hat be foolhardy enough to further damage their standing in this regard? They’re certainly not the only large distro losing touch with their users.

Exploring The Anatomy Of A Linux Kernel Exploit

June 25, 2023 by Bryan Cockfield 21 Comments

A lot of talk and discussion happens anytime a hardware manufacturer releases a new line of faster, more powerful, or more efficient computers. It’s easy to see better and better specifications and assume that’s where all the progress is made. But without improved software and algorithms, often the full potential of the hardware can’t be realized. That’s the reason for the creation of io_uring, an improved system call interface in the Linux kernel. It’s also where [chompie] went to look for exploits.

The reason for looking here, in a part of the kernel [chompie] had only recently learned about, was twofold. First, because it’s a place where user space applications interact with the kernel, and second because it’s relatively new and that means more opportunities to find bugs. The exploit involves taking advantage of a complicated asynchronous buffer system, specifically at a location where the code confuses a memory location being used by the kernel with one which is supposed to be used for user space.

To actually get this to work as an exploit, though, a much more involved process is needed to make sure the manipulation of these memory addresses results in something actually useful, but it is eventually used to gain local privilege escalation. More about it can be found in this bug report as well. Thanks to the fact that Linux is open-source, this bug can quickly be fixed and the patch rolled out to prevent malicious attackers from exploiting it. Open-source software has plenty of other benefits besides being inherently more secure, though.

Et Tu, Red Hat?

June 23, 2023 by Jonathan Bennett 94 Comments

Something odd happened to git.centos.org last week. That’s the repository where Red Hat has traditionally published the source code to everything that’s a part of Red Hat Enterprise Linux (RHEL) to fulfill the requirements of the GPL license. Last week, those packages just stopped flowing. Updates weren’t being published. And finally, Red Hat has published a clear answer to why:

Red Hat has decided to continue to use the Customer Portal to share source code with our partners and customers, while treating CentOS Stream as the venue for collaboration with the community.

Sounds innocuous, but what’s really going on here? Let’s have a look at the Red Hat family: RHEL, CentOS, and Fedora.

RHEL is the enterprise Linux distribution that is Red Hat’s bread and butter. Fedora is RHEL’s upstream distribution, where changes happen fast and things occasionally break. CentOS started off as a community repackaging of RHEL, as allowed under the GPL and other Open Source licenses, for people who liked the stability but didn’t need the software support that you’re paying for when you buy RHEL.

Red Hat took over the reigns of CentOS back in 2014, and then imposed the transition to CentOS Stream in 2020, to some consternation. This placed CentOS Stream between the upstream Fedora, and the downstream RHEL. Some people missed the stability of the old CentOS, and in response a handful of efforts spun up to fill the gap, like Alma Linux and Rocky Linux. These projects took the source from git.centos.org, and rebuilt them into usable community operating systems, staying closer to RHEL in the process.

Red Hat has published a longer statement elaborating on the growth of CentOS Stream, but it ends with an interesting statement: “Red Hat customers and partners can access RHEL sources via the customer and partner portals, in accordance with their subscription agreement.” What exactly is in that subscription agreement? Well according to Alma Linux, “the way we understand it today, Red Hat’s user interface agreements indicate that re-publishing sources acquired through the customer portal would be a violation of those agreements.” Continue reading “Et Tu, Red Hat?” →

Linux Fu: Easy And Easier Virtual Networking

June 14, 2023 by Al Williams 15 Comments

One of the best things about Linux is that there are always multiple ways to do anything you want to do. However, some ways are easier than others. Take, for example, virtual networking. There are plenty of ways to make a bunch of Internet-connected computers appear to be on a single private network. That’s nothing new, of course. Linux and Unix have robust networking stacks. Since 2018, though, Wireguard has been the go-to solution; it has a modern architecture, secure cryptography, and good performance.

There’s only one problem: it is relatively difficult to set up. Not impossible, of course. But it is a bit difficult, depending on what you want to accomplish.

How Difficult?

You must set up a wireguard server and one or more clients. You’ll need to pick a range of IP addresses. You might need to turn on routing. You have to generate keys. You might need to configure DNS and other routing options. You’ll certainly need to modify firewall rules. You’ll also need to distribute keys.

None of these steps are terribly difficult, but it is a lot to keep straight. The wg program and wg-quick script do most of the work, but you have a lot of decisions and configuration management to keep straight.

Browse the official “quick start,” and you’ll see that it isn’t all that quick. The wg-quick script is better but only handles some use cases. If you want really limited use cases, there are third-party tools to do a lot of the rote work, but if you need to change anything, you’ll still need to figure it all out.

That being said, once you have it set up, it pretty much works without issue and works well. But that initial setup can be very frustrating. Continue reading “Linux Fu: Easy And Easier Virtual Networking” →